Cryptojacking: Bitcoin Malware with Estaban Vargas

Malware is malicious software that makes money for the creator of that software. Malware can appear onto a user’s computer if that user visits a malicious website or installs malicious software by accident.

There are many types of malware. Spyware sits on your machine and logs your data in order to sell it. Ransomware can lock your computer and demand that you pay money to unlock it. Adware serves you popup ads that you don’t want to see.

Cryptojacking is a newer form of malware. Cryptojacking software uses your computer to mine Bitcoin and other cryptocurrencies. Cryptojacking can occur when you visit a website that is running JavaScript that is executing along with the rest of the webpage. When you visit a website with a cryptojacker, your computer will become slower, because your CPU is being taken over to mine cryptocurrency.

Cryptojacking can occur anywhere that code runs–and there is a lot of code running on cloud providers.

Cloud providers themselves are very secure. But a cloud provider cannot force its customers to be secure. Users who host an insecure application on a cloud provider may get infected with a cryptojacker. If I host a large, complex website on a cloud provider, and I’m serving millions of users, I’m already paying a lot in cloud costs. But when my application gets infected with a cryptojacker, my costs could shoot up. And if I don’t know why my costs are increasing, I might leave the cloud provider.

Estaban Vargas is the co-founder of SafeTalpa, a company that provides defense against cryptojackers. Estaban joins the show to explain how cryptojackers work and why cloud providers have trouble defending against them.

Sponsors

Gremlin prepares your company for outages. They provide resilience as a service, using chaos engineering techniques pioneered at Netflix and Amazon. Prepare your team for disaster by proactively testing failure scenarios. Max out CPU, blackhole or slow down network traffic to a dependency, terminate processes and hosts. Each of these show you how your system reacts, allowing you to harden things before a production incident. Check out Gremlin and get a free demo by going to gremlin.com/sedaily.

Blockstack is an open computing protocol for building applications where users truly own their data, own their identity, and even their content and connections. With a Blockstack ID, users can have a more transparent identity system rather than the modern Internet identity systems that are closely tied to advertising. At blockstack.org/sedaily you can learn about how to build decentralized applications easily.

The O’Reilly Software Architecture Conference in Silicon Valley will cover complex topics from microservices to domain-driven design and feature different styles of learning, from 50-minute sessions to 2-day training courses. Get 20% off of most passes to Software Architecture when you use code “SE20” during registration at oreillysacon.com/sedaily.

Get ready to build content-rich websites and professional web applications with Wix Code. Store and manage unlimited data with built-in databases, create dynamic pages, make custom forms and take full control of your site’s functionality with Wix Code APIs and JavaScript. Plus, now you can get 10-percent off your Premium plan. Go to Wix.com/SED.